CVE-2026-23082
Published: Feb 4, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"), the URB was re-anchored before usb_submit_urb() in gs_usb_receive_bulk_callback() to prevent a leak of this URB during cleanup. However, this patch did not take into account that usb_submit_urb() could fail. The URB remains anchored and usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops infinitely since the anchor list never becomes empty. To fix the bug, unanchor the URB when an usb_submit_urb() error occurs, also print an info message.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 9c151898cc259a7784be60ba38664f42ede39b31 - < da01de754e455e2598a7f1ce4ff2078c4f0ecde1affected ec5ccc2af9e5b045671f3f604b57512feda8bcc5 - < aa8a8866c533a150be4763bcb27993603bd5426caffected f905bcfa971edb89e398c98957838d8c6381c0c7 - < ce4352057fc5a986c76ece90801b9755e7c6e56caffected 08624b7206ddb9148eeffc2384ebda2c47b6d1e9 - < c610b550ccc0438d456dfe1df9f4f36254ccaae3affected 9f669a38ca70839229b7ba0f851820850a2fe1f7 - < c3edc14da81a8d8398682f6e4ab819f09f37c0b7+1 more versions |
Linux | Linux | affected 6.12.67 - < 6.12.68affected 6.18.7 - < 6.18.8 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now